CVEs from 2014
Total: 7,931
- critical 837
- high 1,288
- medium 4,980
- low 583

% Critical: 10.6%
% with KEV: 0.4%
% with exploit: 0.5%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2014-6271 | unknown | — | 2.5 | 4y ago | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. | |
| CVE-2014-6278 | unknown | — | 1.5 | 8mo ago | GNU Bash contains an OS command injection vulnerability which allows remote attackers to execute arbitrary commands via a crafted environment. | |
| CVE-2014-3931 | unknown | — | 1.5 | 11mo ago | Multi-Router Looking Glass (MRLG) contains a buffer overflow vulnerability that could allow remote attackers to cause an arbitrary memory write and memory corruption. | |
| CVE-2014-2120 | unknown | — | 1.5 | 2y ago | Cisco Adaptive Security Appliance (ASA) contains a cross-site scripting (XSS) vulnerability in the WebVPN login page. This vulnerability allows remote attackers to inject arbitrary web script or HTML… | |
| CVE-2014-0497 | unknown | — | 1.5 | 2y ago | Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code. | |
| CVE-2014-0502 | unknown | — | 1.5 | 2y ago | Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code. | |
| CVE-2014-100005 | unknown | — | 1.5 | 2y ago | D-Link DIR-600 routers contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to change router configurations by hijacking an existing administrator session. | |
| CVE-2014-8361 | unknown | — | 1.5 | 3y ago | Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient request. | |
| CVE-2014-0196 | unknown | — | 1.5 | 3y ago | Linux Kernel contains a race condition vulnerability within the n_tty_write function that allows local users to cause a denial-of-service (DoS) or gain privileges via read and write operations with l… | |
| CVE-2014-4123 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer contains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site. | |
| CVE-2014-8439 | unknown | — | 1.5 | 4y ago | Adobe Flash Player has a vulnerability in the way it handles a dereferenced memory pointer which could lead to code execution. | |
| CVE-2014-0546 | unknown | — | 1.5 | 4y ago | Adobe Reader and Acrobat on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context. | |
| CVE-2014-2817 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer contains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site. | |
| CVE-2014-4148 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists when the Windows kernel-mode driver improperly handles TrueType fonts. | |
| CVE-2014-4077 | unknown | — | 1.5 | 4y ago | Microsoft Input Method Editor (IME) Japanese is a keyboard with Japanese characters that can be enabled on Windows systems as it is included by default (with the default set as disabled). IME Japanes… | |
| CVE-2014-3153 | unknown | — | 1.5 | 4y ago | The futex_requeue function in kernel/futex.c in Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges. | |
| CVE-2014-3120 | unknown | — | 1.5 | 4y ago | Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code. | |
| CVE-2014-4113 | unknown | — | 1.5 | 4y ago | Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | |
| CVE-2014-0322 | unknown | — | 1.5 | 4y ago | Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code. | |
| CVE-2014-0160 | unknown | — | 1.5 | 4y ago | The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information. | |
| CVE-2014-0780 | unknown | — | 1.5 | 4y ago | InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution. | |
| CVE-2014-9163 | unknown | — | 1.5 | 4y ago | Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely. | |
| CVE-2014-6332 | unknown | — | 1.5 | 4y ago | OleAut32.dll in OLE in Microsoft Windows allows remote attackers to execute code via a crafted web site. | |
| CVE-2014-6287 | unknown | — | 1.5 | 4y ago | The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (HFS or HttpFileServer) allows remote attackers to execute arbitrary programs. | |
| CVE-2014-6324 | unknown | — | 1.5 | 4y ago | The Kerberos Key Distribution Center (KDC) in Microsoft allows remote authenticated domain users to obtain domain administrator privileges. | |
| CVE-2014-0496 | unknown | — | 1.5 | 4y ago | Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution. | |
| CVE-2014-4114 | unknown | — | 1.5 | 4y ago | A vulnerability exists in Windows Object Linking & Embedding (OLE) that could allow remote code execution if a user opens a file that contains a specially crafted OLE object. | |
| CVE-2014-6352 | unknown | — | 1.5 | 4y ago | Microsoft Windows allows remote attackers to execute arbitrary code via a crafted OLE object. | |
| CVE-2014-1761 | unknown | — | 1.5 | 4y ago | Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution. | |
| CVE-2014-4404 | unknown | — | 1.5 | 4y ago | Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context. | |
| CVE-2014-7169 | unknown | — | 1.5 | 4y ago | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vul… | |
| CVE-2014-1776 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user. | |
| CVE-2014-1812 | unknown | — | 1.5 | 5y ago | Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker … | |
| CVE-2014-0130 | unknown | — | 1.5 | 12y ago | Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted re… | |